Start adding EC support in gen_key

programs/pkey/gen_key.c

@@ -51,12 +51,10 @@ int main( int argc, char *argv[] )
 }
 #else
 
-#define TYPE_RSA                0
-
 #define FORMAT_PEM              0
 #define FORMAT_DER              1
 
-#define DFL_TYPE                TYPE_RSA
+#define DFL_TYPE                POLARSSL_PK_RSA
 #define DFL_RSA_KEYSIZE         4096
 #define DFL_FILENAME            "keyfile.key"
 #define DFL_FORMAT              FORMAT_PEM
@@ -109,11 +107,11 @@ static int write_private_key( pk_context *key, const char *output_file )
 }
 
 #define USAGE \
-    "\n usage: gen_key param=<>...\n"                    \
+    "\n usage: gen_key param=<>...\n"                   \
     "\n acceptable parameters:\n"                       \
-    "    type=rsa              default: rsa\n"          \
+    "    type=rsa|ec           default: rsa\n"          \
-    "    rsa_keysize=%%d      default: 4096\n"          \
+    "    rsa_keysize=%%d        default: 4096\n"        \
-    "    filename=%%s         default: keyfile.key\n"   \
+    "    filename=%%s           default: keyfile.key\n" \
     "    format=pem|der        default: pem\n"          \
     "\n"
 
@@ -157,7 +155,9 @@ int main( int argc, char *argv[] )
         if( strcmp( p, "type" ) == 0 )
         {
             if( strcmp( q, "rsa" ) == 0 )
-                opt.type = TYPE_RSA;
+                opt.type = POLARSSL_PK_RSA;
+            if( strcmp( q, "ec" ) == 0 )
+                opt.type = POLARSSL_PK_ECKEY;
             else
                 goto usage;
         }
@@ -200,10 +200,15 @@ int main( int argc, char *argv[] )
     printf( "\n  . Generating the private key ..." );
     fflush( stdout );
 
-#if defined(POLARSSL_RSA_C) && defined(POLARSSL_GENPRIME)
+    if( ( ret = pk_init_ctx( &key, pk_info_from_type( opt.type ) ) ) != 0 )
-    if( opt.type == TYPE_RSA )
+    {
+        printf( " failed\n  !  pk_init_ctx returned -0x%04x", -ret );
+        goto exit;
+    }
+
+#if defined(POLARSSL_RSA_C) && defined(POLARSSL_GENPRIME)
+    if( opt.type == POLARSSL_PK_RSA )
     {
-        pk_init_ctx( &key, pk_info_from_type( POLARSSL_PK_RSA ) );
         ret = rsa_gen_key( pk_rsa( key ), ctr_drbg_random, &ctr_drbg,
                            opt.rsa_keysize, 65537 );
         if( ret != 0 )
@@ -211,20 +216,32 @@ int main( int argc, char *argv[] )
             printf( " failed\n  !  rsa_gen_key returned -0x%04x", -ret );
             goto exit;
         }
-
-        printf( " ok\n" );
     }
     else
 #endif /* POLARSSL_RSA_C */
+#if defined(POLARSSL_ECP_C)
+    if( opt.type == POLARSSL_PK_ECKEY )
     {
-        printf( " failed\n  !  key type not supported in library" );
+        // TODO: allow other curves
+        ret = ecp_gen_key( POLARSSL_ECP_DP_SECP256R1, pk_ec( key ),
+                          ctr_drbg_random, &ctr_drbg );
+        if( ret != 0 )
+        {
+            printf( " failed\n  !  rsa_gen_key returned -0x%04x", -ret );
+            goto exit;
+        }
+    }
+    else
+#endif /* POLARSSL_ECP_C */
+    {
+        printf( " failed\n  !  key type not supported\n" );
         goto exit;
     }
 
     /*
      * 1.2 Print the key
      */
-    printf( "  . Key information    ...\n" );
+    printf( " ok\n  . Key information:\n" );
 
 #if defined(POLARSSL_RSA_C)
     if( pk_get_type( &key ) == POLARSSL_PK_RSA )
@@ -245,14 +262,13 @@ int main( int argc, char *argv[] )
     if( pk_get_type( &key ) == POLARSSL_PK_ECKEY )
     {
         ecp_keypair *ecp = pk_ec( key );
-        mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL );
+        mpi_write_file( "X_Q: ", &ecp->Q.X, 16, NULL );
-        mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL );
+        mpi_write_file( "Y_Q: ", &ecp->Q.Y, 16, NULL );
-        mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL );
+        mpi_write_file( "D  : ", &ecp->d  , 16, NULL );
-        mpi_write_file( "D   : ", &ecp->d  , 16, NULL );
     }
     else
 #endif
-        printf("key type not supported yet\n");
+        printf("  ! key type not supported\n");
 
     write_private_key( &key, opt.filename );